<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0 Transitional//EN'>

<html><head><title>531096-00292.htm</title>

<meta name='vs_defaultClientScript' content='JavaScript'>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name='vs_targetSchema' content='http://schemas.microsoft.com/intellisense/ie3-2nav3-0'>

<meta name='Originator' content='CommentWorks'></head><body><Table>

<tr><td><b>Comment Number: </b></td><td>531096-00292</td></tr>

<tr><td><b>Received: </b></td><td>9/5/2007 4:45:03 PM</td></tr>

<tr><td><b>Organization: </b></td><td>Independence Bank of Kentucky</td></tr>

<tr><td><b>Commenter: </b></td><td>Debra Clayborn</td></tr>

<tr><td><b>State: </b></td><td>KY</td></tr>

<tr><td><b>Agency: </b></td><td>Federal Trade Commission</td></tr>

<tr><td><b>Rule: </b></td><td>Private Sector Use of SSNs</td></tr>

<tr><td>No Attachments</td></tr></Table>

<hr><P><b>Comments:</b></p>September 5, 2007


Federal Trade Commission

Office of the Secretary

Room H-135 (Annex K)

600 Pennsylvania Ave, NW

Washington, DC 20580


Re: Project No. PO75414


Dear Sirs: 


Thank you for providing the opportunity to comment on the Identity Theft Task Force's proposal related to the private sector use of social security numbers (SSN).  Our institution is a FDIC regulated community bank with an asset size of $625 million and approximately 220 employees located in western Kentucky.  


The banking industry is required to collect and use social security numbers for IRS reporting of interest paid to or received by our customers for tax evaluation.  We, generally, collect the SSN at the origination of an account and retain it through our record retention period, which may vary based on regulation or state law.  Besides IRS reporting, we use SSN to meet the regulatory requirements of the Bank Secrecy Act (BSA) for terrorist research, suspicious activity reports, and large dollar transaction reporting.  Kentucky state laws impose obligations whereby the SSN is necessary to complete the required reporting for escheatment of unclaimed monies and Data Match programs for delinquent child support and unpaid state taxes.  The sanctions of OFAC often require verification with an individual’s SSN to determine a legitimate match.  Although reporting to a consumer reporting agency is not required by regulation, it is an important function for our industry and includes the use of SSN.  In addition to these, internally we use the SSN as a resource for verification of customer identification, internal communications, as an option to recall customer information retained in our data housing system, and customer relationship management. 


Our institution uses the SSN as an authenticator internally, with government agencies, and the other entities as mentioned above.  Although we obtain a SSN at account origination, we do not ask the customer to identify themselves with a SSN thereafter for electronic communications or face-to-face transactions.  This authentication is obtain by use of a passcode, by accurate response to a previously answered question that only the customer would know, or by requesting that the customer outline recent account activity.      


When so many different entities and data systems have to talk to each other, a common key identifier is absolutely necessary.  The SSN is vital to all multi-business communications related to consumers since it is the only consistent and unique component available for recognizing an individual from birth to death.  Many of our existing business communications would cease immediately if we were unable to use the SSN as an identifier.  Restricting the use of SSN in the private sector would cause havoc to the financial world by stopping the information flow that for allows high-speed customer transactions processing.  The expense nationally would be mind-boggling  would we need to attempt development of a common key identifier that could enable the expeditious communication of which we are all accustomed, without taking into account the time it would require.  The cost to our organization could be from $25,000 upward, dependent upon the extent of reprogramming required to remove the SSN from our data housing system without a cost saving reduction in fraud losses caused by the restricted use of SSN.  However, we would still have to collect and store the numbers for required reporting.  


Our institution has its share of fraud and reported identity thefts, but the fact that either is related to or caused by the theft of an individual’s SSN is nearly nonexistent.  We find that most fraud and identity thefts are initiated from compromised debit and credit card numbers, Internet scams, intrusion of information system, counterfeited checks, and neglect on the part of the SSN owner.  We are confident that theft of the SSN alone would not provide thieves the ability to fraudulently conduct financial activity.  The financial industry is required to obtain photo identification prior to opening accounts and to have procedures for identification of existing customers like passcodes or security questions.  We believe that, as an alternative to restricting the use of the SSN, consideration should be given to defining safeguarding methods used when entities communicate using the SSN as a common identifier.   Internal databases could be required to truncate or hide the SSN with specific information access restrictions, forbid the SSN inclusion on written communications, using SSL32 data encryption for electronic communication, maintain defined intrusion detection software on all storage systems, limit the length of record retention, as well as, use of other safeguards for the SSN from collection to the destruction of SSN records.


Again, we appreciate your consideration of our comments.  Banks regularly bear the burden related to financial fraud and enthusiastic support effective efforts to impede identity theft.  It is our hope that the information provided in this letter is useful to you regarding the development of a strategic plan covering the private sector use of social security numbers. 


Sincerely,


Debra A Clayborn, CRCM, CTA

VP Compliance and CRA Officer 

Independence Bank of Kentucky

2425 Frederica St

Owensboro, KY 42301

270-686-1776

 
</body></html>